shyam sunder prasad wrote: A lot of people are using MD5 for encryption, so how are they validating the password then?
Suppose a user enters a password; how can I validate it?

After challenging the user for the password, run the same algorithm on the password to get the MD5 hash. Compare the newly hashed value with the previously saved one. If the two hashes match, then the passwords can, for most intents and purposes, be considered a match.

No, no one can encrypt anything with MD5. It simply can't do that. What it can do is hash a thing.

By definition, when you encrypt (the better term is encipher) you expect to be able to reverse the action and decrypt/decipher the resulting ciphertext. You cannot do that with any cryptographic hash (MD5, SHA1, SHA256, etc.).
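The check-by-rehashing flow the replies above describe, written out as an added example (this is not code from the thread). The first pair of functions does exactly what the reply says, with MD5; the second pair is the salted, iterated form that a later reply in this thread calls a randomly seeded digest. The salt length, iteration count and sample passwords are assumptions chosen for the example.

```python
import hashlib
import hmac
import os

# --- Exactly the scheme in the reply: hash at registration, re-hash at login, compare ---

def md5_store(password: str) -> str:
    """What a naive system saves instead of the password: the MD5 hex digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def md5_check(candidate: str, stored_hex: str) -> bool:
    """Run the same algorithm on the candidate and compare with the saved digest.
    hmac.compare_digest compares in constant time, so the comparison itself does
    not leak how many leading characters of the digest matched."""
    return hmac.compare_digest(md5_store(candidate), stored_hex)

# --- Salted, iterated digest: the "randomly seeded digest" alternative ---

SALT_LEN = 16          # assumption: 16 random bytes per user
ITERATIONS = 100_000   # assumption: chosen for this example; tune to your hardware

def salted_store(password: str) -> tuple[bytes, bytes]:
    """Save (salt, digest). The salt is fresh per user, so equal passwords no
    longer produce equal stored values and precomputed digest tables are useless."""
    salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def salted_check(candidate: str, record: tuple[bytes, bytes]) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    salt, stored = record
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(digest, stored)

def duplicates_visible(password: str) -> tuple[bool, bool]:
    """Two users choosing the same password: are their stored values identical?
    Returns (unsalted_identical, salted_identical)."""
    unsalted = md5_store(password) == md5_store(password)
    salted = salted_store(password)[1] == salted_store(password)[1]
    return unsalted, salted

if __name__ == "__main__":
    pw = "correct horse battery staple"          # constructed sample password
    saved = md5_store(pw)
    print("md5 login ok:   ", md5_check(pw, saved))
    print("md5 wrong case: ", md5_check(pw.capitalize(), saved))
    rec = salted_store(pw)
    print("salted login ok:", salted_check(pw, rec))
    print("equal passwords give equal stored values (md5, salted):", duplicates_visible("hunter2"))
```

The last function is the practical reason for the salt: with plain MD5 a leaked table exposes every user who chose the same password at once, and the digest can be looked up in precomputed tables; with a per-user salt and an iterated derivation each entry has to be attacked separately.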

shyam sunder prasad, posted May 21, 2011 22:24:33:

Can you help me out with how to write an encrypter and decrypter with any cryptographic hash (MD5, SHA1, SHA256, etc.)?

Ulf Dittmer wrote: Did you read Pat's and my posts about how that is impossible?

I delayed responding to this post to give the OP time to understand why, in the narrow context of his initial requirement to 'decrypt' a digest, this is indeed true. BUT under his latest wider context of -

shyam sunder prasad wrote: Can you help me out with how to write an encrypter and decrypter with any cryptographic hash (MD5, SHA1, SHA256, etc.)?

then this is most definitely possible.

One approach (there are many others) is to use the digest to create a stream of pseudo-random bytes and to use these to create a stream cipher using a kind of CFB mode. One starts with a set of key bytes and an IV and digests the concatenation of these to create the first block of pseudo-random bytes. These are then XORed in sequence with the bytes of the cleartext to create the ciphertext bytes. When the block of pseudo-random bytes has been used up, one then creates a new block by digesting the last N ciphertext bytes concatenated with the key bytes. This process is repeated until all the cleartext has been encrypted.

Obviously the key has to be kept secret and although an IV does not need to be kept secret and can be shipped in the clear, in common with pretty much all stream ciphers, a particular IV should never ever be used more than once.

Two points to bear in mind :-

1) the above encryption scheme has had very little analysis and cannot be recommended. Since AES is the 'standard' symmetric encryption algorithm of much of the world, one should use AES or whichever algorithm your government prefers. One will never get sacked if one's government's preferred encryption algorithm is shown to be flawed, but if any home-grown algorithm is flawed then one needs to have a very very very good reason to have used it in preference to the preferred encryption algorithm.

2) it is generally considered insecure to encrypt passwords and it is usually better to use a randomly seeded digest.

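The digest-driven stream cipher sketched in the post above, as an added illustration that is not the poster's code and, as the post itself says, not something to deploy: SHA-256 is the digest, the first keystream block is the digest of key || IV, each later block is the digest of the previous ciphertext block || key, and the last function shows concretely what the warning about reusing an IV means. Key and IV sizes and the sample messages are assumptions for the example.

```python
import hashlib
import os

DIGEST = "sha256"
BLOCK = hashlib.new(DIGEST).digest_size   # 32 keystream bytes per digest call

def _crypt(key: bytes, iv: bytes, data: bytes, decrypting: bool) -> bytes:
    """Shared encrypt/decrypt core. 'data' is plaintext when encrypting and
    ciphertext when decrypting; XOR makes the two directions symmetric, but the
    feedback into the next digest must always come from the ciphertext side."""
    out = bytearray()
    stream = hashlib.new(DIGEST, key + iv).digest()     # first block: H(key || IV)
    for start in range(0, len(data), BLOCK):
        if start > 0:
            # CFB-style refill: H(previous BLOCK ciphertext bytes || key)
            prev_ct = data[start - BLOCK:start] if decrypting else bytes(out[start - BLOCK:start])
            stream = hashlib.new(DIGEST, prev_ct + key).digest()
        chunk = data[start:start + BLOCK]
        out.extend(p ^ k for p, k in zip(chunk, stream))
    return bytes(out)

def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    return _crypt(key, iv, plaintext, decrypting=False)

def decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    return _crypt(key, iv, ciphertext, decrypting=True)

def new_iv() -> bytes:
    """A fresh IV per message: it may travel in the clear, but it must never repeat."""
    return os.urandom(16)   # assumption: 16-byte IV

def recover_prefix_without_key(known_pt: bytes, known_ct: bytes, target_ct: bytes) -> bytes:
    """Why IV reuse is fatal: two messages encrypted under the same key and IV
    share the first keystream block, so one known plaintext/ciphertext pair
    reveals the first BLOCK bytes of any other message, with no key needed."""
    n = min(len(known_pt), len(target_ct), BLOCK)
    keystream = bytes(p ^ c for p, c in zip(known_pt[:n], known_ct[:n]))
    return bytes(c ^ k for c, k in zip(target_ct[:n], keystream))

if __name__ == "__main__":
    key = os.urandom(32)                      # assumption: 32-byte key
    iv = new_iv()
    msg = b"constructed sample plaintext, long enough to need a second keystream block"
    ct = encrypt(key, iv, msg)
    print("round trip ok:", decrypt(key, iv, ct) == msg)
    other = b"second message sent under the SAME key and IV, which must never happen"
    print("leaked without key:", recover_prefix_without_key(msg, ct, encrypt(key, iv, other)))
```

Besides the IV rule, note that the construction provides no integrity at all: flipping a ciphertext bit flips the matching plaintext bit in that block, and nothing detects it. That is one more reason to follow the post's own advice and use a standard cipher in an authenticated mode rather than anything like this.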

Only if you mean "encipher and decipher using an untrusted algorithm that happens to have MD5, SHA1, etc. as one part"

You are proposing a hack that uses the crypto-hash as a key generator to a stream cipher.

Later on, you properly say "just use AES" or TwoFish, BlowFish, etc. which is the real advice.

Home-grown ciphers nearly always have fatal flaws. Using the known, proven, and already implemented ciphers is not only easier than hacking something together, it's far more likely to actually achieve your goal. At least if the goal is to secure the passwords. Even with a proven algorithm, it is easy to screw up and lose your security.

At a higher level, the standard is to use a one-way hash for a reason. There is no practical advantage to being able to decrypt a password, and there are many practical disadvantages. In short, not only is doing what the OP asked impossible as phrased, but even if you changed it to a more generic "How do I crypt and decrypt passwords in my system" the only proper answer is "don't do that"

Only if you mean "encipher and decipher using an untrusted algorithm that happens to have MD5, SHA1, etc. as one part"

As I indicated in my response.

You are proposing a hack that uses the crypto-hash as a key generator to a stream cipher.

No. Far from it. I am just trying to correct the impression gained from the rest of the thread that a digest cannot be used as the basis for encryption. It can, but I did not and do not propose it should be used.

Later on, you properly say "just use AES" or TwoFish, BlowFish, etc. which is the real advice.

Home-grown ciphers nearly always have fatal flaws. Using the known, proven, and already implemented ciphers is not only easier than hacking something together, it's far more likely to actually achieve your goal. At least if the goal is to secure the passwords. Even with a proven algorithm, it is easy to screw up and lose your security.

At a higher level, the standard is to use a one-way hash for a reason. There is no practical advantage to being able to decrypt a password, and there are many practical disadvantages. In short, not only is doing what the OP asked impossible as phrased, but even if you changed it to a more generic "How do I crypt and decrypt passwords in my system" the only proper answer is "don't do that"

Nothing in my response is meant to endorse the use of a home grown encryption algorithm or the use of encryption for when storing passwords; I thought I had made that very very clear. My motive was to dispel the impression that a message digest could not be used as the basis for encryption. The method I described is not mine; if I can find a reference that describes it I will post the link.

Edit : Section 14.11 in "Applied Cryptography" second edition by Bruce Schneier describes several schemes in the same vein as the one I outlined. If not the actual bible, this book is at least considered one of the gospels of cryptography.

James Sabre wrote: Edit : Section 14.11 in "Applied Cryptography" second edition by Bruce Schneier describes several schemes in the same vein as the one I outlined. If not the actual bible, this book is at least considered one of the gospels of cryptography.

And for that tiny percentage of programmers who have read and understand Applied Cryptography, it's only a minor sin to do as you propose. For the vast majority, the instructions should be clear and unambiguous: use AES or some real cipher when you want to encipher. And never, never encipher a password; hash it.

James Sabre wrote: Edit : Section 14.11 in "Applied Cryptography" second edition by Bruce Schneier describes several schemes in the same vein as the one I outlined. If not the actual bible, this book is at least considered one of the gospels of cryptography.

And for that tiny percentage of programmers who have read and understand Applied Cryptography, it's only a minor sin to do as you propose.

I have re-read my first response several times just to make sure I said what I wanted to say, and 'propose' is far far too strong a word. To dispel a myth I described an approach to encryption using a message digest that could be used, and then went on to say it should not be used.